wpa_supplicant 2.6 HWMP routes no traffic
me at bobcopeland.com
Tue Oct 4 04:20:38 PDT 2016
On Tue, Oct 04, 2016 at 12:44:32PM +0200, Jeroen Roovers wrote:
> /usr/sbin/wpa_supplicant -c/etc/wpa-mesh.conf -s -i wlan1 -Dnl80211 -P
> /var/run/wpa.pid -B -d
> Configuration (/etc/wpa-mesh.conf):
> This is an IEEE 802.11s network using a kernel 3.4.112 with a modified
> rt2800usb driver for the RT2870 USB wireless modules.
> With version 2.5 this gives me a nicely working secure mesh network.
> With 2.6 peering works, but I only see broadcast packets and no direct
> communications between peers are coming through. It looks like routing
> fails most of the time.
wpa_supplicant mostly isn't involved in HWMP besides installing the
group keys - once peering is done, the kernel handles the rest.
Note there were a number of issues with encrypted networks not
correctly implementing the standard that were resolved recently.
These will cause backwards-compatibility issues, though I'm not
sure if they landed in 2.6. The changes are:
- an IGTK was installed whether or not ieee80211w was selected
- said IGTK was also the MGTK instead of a separate key
- AMPE element in peering frames didn't include IGTK (if desired)
- AMPE element incorrectly included keys in peering close frames
And in the kernel:
- self-protected management frames (HWMP) were integrity protected
(with that MGTK-as-IGTK) instead of encrypted with MGTK as required
by the standard. This was fixed in 4.8.
All of the above issues with wpa_supplicant were also fixed in the
master branch of authsae.
Do you have all of the devices on the same wpa_supplicant version?
If not, try that first.
If so, I might look at which keys are installed in the kernel; if
the kernel is expecting protected management frames for HWMP then they
will need to have the IGTK installed (ieee80211w enabled).
Bob Copeland %% http://bobcopeland.com/
More information about the Hostap